﻿<?php

	//Include database connection script
	include("../include/class.connection.php");
	
	//Stat session
	session_start();
	
	if(isset($_POST['SubmitAdmin']))
	{
		$usernameA=$_POST['username'];
		$passwordA=$_POST['password'];	
		
		// To protect MySQL injection 
		$usernameA = stripslashes($usernameA);
		$passwordA = stripslashes($passwordA);
		$usernameA = mysql_real_escape_string($usernameA);
		$passwordA = mysql_real_escape_string($passwordA);
		
		//Adding a new administrator
		$sql="INSERT INTO users (username, password, user) values ( '$usernameA', '$passwordA', 1 )";
		$result=mysql_query($sql) or die(mysql_error());
	}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
	<form id='dodai_admin' action='<?php echo($_SERVER['PHP_SELF']); ?>' method='post'>
		<fieldset >
			<legend>Додаванње на нов Администратор</legend>

			<input type='hidden' name='logged_in' id='logged_in' value='1'/>
			
				<label for="username">Username:</label>
				<input type='text' name='username' id='username' maxlength="50" value="" /><br/>
				<br class="clearBoth">
				<label for="password">Password:</label>
				<input type='password' name='password' id='password' maxlength="50" value="" /><br/>
				<br class="clearBoth">
			
			<div class="buttonRow back">
				<input type="submit" name="SubmitAdmin" value="Додади">
			</div>
		</fieldset>
	</form>
    <br/>
    <?php
		//SITE ADMINISTRATORI
		$res=mysql_query("SELECT * FROM users WHERE user=1") or die(mysql_error());
		while($row=mysql_fetch_array($res))
		{
			echo($row['username']."    ".$row['password']."<br/>");
		}
	?>
<body>
</body>
</html>